can you give some specific cipher like rc4-md5 using the --cipher command and see if it goes thro? maybe the 1st cipher suite sent by the client is not available with the server or something..you can use mozilla and edit the cipher suites in the advance tab or use openssl client connect command and supply some specific cipher which u know for sure is available on the server.
On Wed, May 11, 2011 at 2:54 PM, pradeepreddy <pradeepreddy....@gmail.com>wrote: > > Hi , > > My application is running with OpenSSL 0.9.8h 28 May 2008 in gentoo linux: > >uname -a > Linux localhost 2.6.32.9 #1 SMP Thu Jul 8 14:30:23 Local time zone must be > set--see zic m i686 Intel(R) Pentium(R) D CPU 2.80GHz GenuineIntel > GNU/Linux > > But ssl hand shake is failing with below error: > SSL_ERROR_SSL error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or > hash unavailable > > But on same linux, "openssl s_client -connect "server:8443" -cert > client.pem > -CAfile ca-win.pem", is wokring > > CONNECTED(00000003) > --- > Certificate chain > 0 s:/C=/ST=/L=/O=/OU=DGM/DC=CN=A1 > 1 s:/DC=/DC=/DC=/DC=/CN=A1 > i:/DC=/DC=/DC=/DC=/CN=A1 > --- > Server certificate > -----BEGIN CERTIFICATE----- > MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQBd4LfcDl5d3ODPjBBDy7bL > YX6uDP6yG+RdbwR9ul4WRhOUXqb0jkHbaGy/Qlz70TGqfSme81yvLsYmChKTFloU > 3NDIRAqagGntPXyaR6WjbV652SYtENTL7RONZhxGyeqDF0ns5fLUAdE2eGYN9f3Y > X/k/vFrFnKEmEBEWlciwQjr7vag21YGBtIEeopqnRqN64HCGUVKWqap0sQXAJD/4 > -----END CERTIFICATE----- > subject=/C=/ST=/L=/O=/OU=/CN=XY2 > issuer=/DC=/DC=/DC=dev/DC=/CN=A1 > --- > Acceptable client certificate CA names > /DC=/DC=/DC=/DC=/CN=A1 > --- > SSL handshake has read 3241 bytes and written 3148 bytes > --- > New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA > Server public key is 2048 bit > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : TLSv1 > Cipher : DHE-RSA-AES256-SHA > Session-ID: > Session-ID-ctx: > Master-Key: C47BF1691AB846E449B5FA9E29EC4E25312D4C501 > Key-Arg : None > Start Time: 1305122070 > Timeout : 300 (sec) > Verify return code: 0 (ok) > --- > > -- > View this message in context: > http://old.nabble.com/Application-is-failing-with-cipher-or-hash-unavailable-tp31597508p31597508.html > Sent from the OpenSSL - User mailing list archive at Nabble.com. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
